Re: [squid-users] logging question

From: maxwell <maxwell@dont-contact.us>
Date: Wed, 4 Sep 2002 16:03:36 -0500 (CDT)

Hello :)

   Thank you for your reply, Ricardo. I do have GETs enabled in the
logging, and basically need to enable identical logging for other such
requests. https is not really an issue, as these sites are all
non-secured, and we have the relevant ports blocked in the firewall.
There aren't even any attempts logged for reaching https URLs, which leads
me to my conclusion that the employees in question are simply following
client demands. I can get the information of course through tcpdump or
any other packet logging tool, but I don't think I would have the time to
dump the data, organize it, and present it before the 'deadline' I must
deal with.

   I very much appreciate your well thought out reply, Ricardo, thank you.

On Wed, 4 Sep 2002, Ricardo Kustner wrote:

>
> Hi,
>
> maxwell wrote:
> > I will take your previous two messages to mean "I don't know how/if it
> > can be done with Squid", and will continue on to other avenues. Some
> > other user here may know how, or I may be able to discover a method
> > myself.
>
> > Is it possible to configure squid to log the full contents of all
> > form
> > submissions a user makes? I.E. all get/post/etc requests?
>
> All legal issues aside... I'm not sure how pratically possible this
> is... Most of all, if you have https encrypted sessions: the whole idea
> about ssl is that one cannot eavesdrop between the browser and the
> server on the other side... so neither squid nor any other proxy will be
> able to do this. So you'd have to ban https traffic.
> The only solution I can think of is some customized browser which keeps
> it's cache accessible on the network (but then I'm not sure if browsers
> cache encrypted pages)... or a special application which immitates
> everything a browser does, but as a bonus logs all posted data...
> in short I doubt if squid or any other web proxy application can do the
> amount of logging you need.
>
> hmmm on the other hand... if you would be able to tell squid to redirect
> all POST queries to a custom script, the script could dump the contents
> to a log and then pass it on the the original location maybe? (which
> still doesn't solve the ssl problem though)
> the GET queries can be easily turned on in the log btw...
>
> Regards,
>
> Ricardo.
>
>
>
>
>
Received on Wed Sep 04 2002 - 15:05:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:05 MST